Minted narwhal!
I am/was burnt sienna goose
April 29, 2025 at 7:45 PM
🎥 Want a deeper dive? Check out Atomics on a Friday, where we introduce SDDLMaker!
▶️ https://www.youtube.com/watch?v=uSYvHUVU8xY
🔄 RT/Reshare if you find this useful! 🚀
#WindowsSecurity #SDDL #Cybersecurity #Splunk #AtomicRedTeam
Atomics on a Tuesday || Introducing The SDDLMaker
🌟 🔬 In this EXTRAORDINARY episode of Atomics on a Tuesday 🎯, we venture deep into the mysterious realm of Windows Security Descriptor Definition Language ...
www.youtube.com
February 21, 2025 at 3:56 PM
🛠️ Splunk Security Content:
🔗 https://research.splunk.com/stories/defense_evasion_or_unauthorized_access_via_sddl_tampering/
🧠 Mind Map:
🔗 https://github.com/MHaggis/SDDLMaker/tree/main/MindMap
🧵 (5/)
Analytics Story: Defense Evasion or Unauthorized Access Via SDDL Tampering
Date: 2024-12-06 ID: 8ccdd852-3878-4871-ae37-e5af5c67baf3 Author: Nasreddine Bencherchali, Michael Haag, Splunk Product: Splunk Enterprise Security Description This analytic story focuses on…
research.splunk.com
February 21, 2025 at 3:55 PM
💡 Need to decode or generate SDDL? Try SDDLMaker 🔧
👉 https://thesddlmaker.streamlit.app/
📜 Read the full blog:
🔗 https://www.splunk.com/en_us/blog/security/windows-security-sddl-guide-access-control.html
🧵 (4/)
SDDL Parser
Welcome to , a handcrafted bespoke tool to revolutionize the way you build and analyze Windows Se...
thesddlmaker.streamlit.app
February 21, 2025 at 3:55 PM
Top 3 Things You'll Learn:
1️⃣ How attackers exploit SDDL—event log tampering, service hardening, & more
2️⃣ How to decode SDDL strings & analyze permissions, DACLs, and ACEs
3️⃣ How to defend against SDDL abuse with detections & Atomic Red Team tests
🧵 (3/)
February 21, 2025 at 3:55 PM
In our latest blog, we break down SDDL: 🔹 How it structures Windows security
🔹 How attackers—from LockBit to RomCom—manipulate it for privilege escalation & defense evasion
🔹 How to detect & defend 🛡️
🧵 (2/)
February 21, 2025 at 3:55 PM
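As an added example for the decoding step this thread describes (it is not SDDLMaker's or the blog's code): a small Python SDDL decoder that splits a descriptor into owner, group, DACL and SACL, turns both hex masks and two-letter rights codes into access masks, evaluates what a token ends up with by walking the DACL in order, and diffs a baseline descriptor against a tampered one so a new deny ACE stands out. The two sample strings are constructed: one is modelled on an event-log channel-access descriptor (SYSTEM, Administrators, Event Log Readers), the other, in the usage, on a service descriptor. Compare with what your own hosts report via `wevtutil gl Security` and `sc sdshow <service>` before relying on either value.

```python
"""Decode SDDL, evaluate rights for a token, and diff a baseline DACL against a tampered one.

Added example for this thread; not SDDLMaker's or the blog's code. The sample strings are
constructed (one modelled on an event-log channel-access descriptor); check real values
with `wevtutil gl Security` and `sc sdshow <service>`.
"""
import re
from dataclasses import dataclass

# Subset of the two-letter SID aliases from sddl.h; anything else is kept as a raw SID.
SID_ALIASES = {
    "SY": "S-1-5-18", "BA": "S-1-5-32-544", "BU": "S-1-5-32-545", "AU": "S-1-5-11",
    "WD": "S-1-1-0", "IU": "S-1-5-4", "SU": "S-1-5-6", "NS": "S-1-5-20",
    "LS": "S-1-5-19", "BO": "S-1-5-32-551", "CO": "S-1-3-0",
}
# Two-letter access-right codes from sddl.h; hex masks such as 0xf0007 are also accepted.
RIGHT_CODES = {
    "GA": 0x10000000, "GR": 0x80000000, "GW": 0x40000000, "GX": 0x20000000,
    "RC": 0x20000, "SD": 0x10000, "WD": 0x40000, "WO": 0x80000,
    "CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
    "DT": 0x40, "LO": 0x80, "CR": 0x100,
    "FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0,
    "KA": 0xF003F, "KR": 0x20019, "KW": 0x20006, "KX": 0x20019,
}
ACE_TYPES = {"A": "allow", "D": "deny", "AU": "audit", "AL": "alarm",
             "OA": "object_allow", "OD": "object_deny", "OU": "object_audit"}
EVENT_LOG_READERS = "S-1-5-32-573"   # BUILTIN\Event Log Readers (no alias in the table above)


@dataclass(frozen=True)
class Ace:
    kind: str    # allow / deny / audit / ...
    flags: str   # inheritance and audit flags, e.g. "CI", "OI", "SA", "FA"
    mask: int    # access mask
    sid: str     # trustee as a raw SID string


def parse_rights(text: str) -> int:
    """Turn the rights field of an ACE into an access mask."""
    if text.lower().startswith("0x"):
        return int(text, 16)
    if text.isdigit():
        return int(text)
    mask = 0
    for i in range(0, len(text), 2):
        mask |= RIGHT_CODES[text[i:i + 2]]   # KeyError on an unknown code is deliberate
    return mask


def parse_ace(body: str) -> Ace:
    """Parse 'type;flags;rights;object_guid;inherit_guid;sid' (conditional ACE text is ignored)."""
    fields = body.split(";")
    if len(fields) < 6:
        raise ValueError(f"malformed ACE: ({body})")
    ace_type, flags, rights, _obj_guid, _inherit_guid, sid = fields[:6]
    return Ace(ACE_TYPES.get(ace_type, ace_type), flags, parse_rights(rights),
               SID_ALIASES.get(sid, sid))


def parse_sddl(sddl: str) -> dict:
    """Split an SDDL string into owner, group, DACL and SACL; ACE order is preserved."""
    out = {"owner": None, "group": None, "dacl_flags": "", "dacl": [], "sacl_flags": "", "sacl": []}
    for part in re.split(r"(?=[OGDS]:)", sddl.strip()):   # O:, G:, D:, S: start a component
        if not part:
            continue
        tag, body = part[0], part[2:]
        if tag in "OG":
            out["owner" if tag == "O" else "group"] = SID_ALIASES.get(body, body)
        else:
            key = "dacl" if tag == "D" else "sacl"
            out[key + "_flags"] = body.split("(", 1)[0]   # control flags such as P, AI, AR
            out[key] = [parse_ace(a) for a in re.findall(r"\(([^)]*)\)", body)]
    return out


def effective_rights(dacl, token_sids) -> int:
    """Walk the DACL in order: deny blocks what is not yet granted, allow grants what is not yet denied."""
    granted = denied = 0
    for ace in dacl:
        if ace.sid not in token_sids:
            continue
        if ace.kind == "deny":
            denied |= ace.mask & ~granted
        elif ace.kind == "allow":
            granted |= ace.mask & ~denied
    return granted


def diff_dacl(before: str, after: str):
    """ACEs that vanished or appeared between two descriptors; a new deny ACE is the classic tampering signal."""
    old, new = set(parse_sddl(before)["dacl"]), set(parse_sddl(after)["dacl"])
    findings = [("removed", a) for a in old - new]
    findings += [("added_deny" if a.kind == "deny" else "added", a) for a in new - old]
    return findings


# Constructed samples: on an event-log channel, mask bits 0x1/0x2/0x4 are read/write/clear.
BASELINE = "O:BAG:SYD:(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x1;;;S-1-5-32-573)"
TAMPERED = "O:BAG:SYD:(D;;0x1;;;S-1-5-32-573)(A;;0xf0007;;;SY)(A;;0x7;;;BA)"

if __name__ == "__main__":
    for label, text in (("baseline", BASELINE), ("tampered", TAMPERED)):
        desc = parse_sddl(text)
        readable = bool(effective_rights(desc["dacl"], {EVENT_LOG_READERS}) & 0x1)
        print(f"{label}: owner={desc['owner']} event-log-readers-can-read={readable}")
    for kind, ace in diff_dacl(BASELINE, TAMPERED):
        print(f"  {kind}: {ace.kind} mask=0x{ace.mask:x} sid={ace.sid}")
```

The deny ACE in the tampered string sits first, which is why `effective_rights` walks the list in order rather than OR-ing allows together: a token holding both Administrators and Event Log Readers loses the read bit even though Administrators is still granted 0x7. Service descriptors from `sc sdshow` use the two-letter form instead of hex (for example `CCLCSWRPWPDTLOCRRC` for SYSTEM, which decodes to 0x201FD), and the same parser handles them, including the `S:` audit ACE.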
Tomorrow, join us for a legendary episode of Atomics on a Friday featuring Jonathan Johnson (@jsecurity101) as we dive deep into JonMon—the tool redefining Windows telemetry!
January 24, 2025 at 3:02 AM
🔥 Tools for Testing:
➡️ Apache Builder: https://buff.ly/4fOt8F9
➡️ IIS Builder: https://buff.ly/4fLGySm
Empower your security team to hunt, detect, and patch gaps before attackers exploit them. 🛡️
Test, learn, and refine! #CyberSecurity #ThreatHunting #WebShellDetection
notes/utilities/ApachePHPBuild at master · MHaggis/notes
Full of public notes and Utilities. Contribute to MHaggis/notes development by creating an account on GitHub.
buff.ly
November 27, 2024 at 6:13 PM
💻 How to Use:
1️⃣ Deploy your favorite tools (Sysmon, EDR, XDR, etc.)
2️⃣ Grab a webshell of choice, upload it, and start testing!
3️⃣ Observe logs, alerts, and behaviors to identify gaps in your coverage.
November 27, 2024 at 6:13 PM
🔍 Detection Opportunities:
Use these servers to validate analytic coverage for:
🗂️ File modifications (webshell uploads)
⚙️ Process executions (commands from shells)
🎯 Suspicious behaviors triggered by shells
November 27, 2024 at 6:13 PM
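An added example of the kind of analytic you would validate in this lab, covering the three bullets above (webshell file writes, commands spawned from the shell, and the follow-on recon). It is not code from the Apache or IIS builders in MHaggis/notes. The events are constructed and only borrow Sysmon's field names for Event ID 1 (ProcessCreate) and Event ID 11 (FileCreate); the web-root paths are the IIS and Apache defaults those builders would give you.

```python
"""Detections to validate in the webshell lab, run over constructed Sysmon-style events.

Added example; not code from the MHaggis/notes Apache or IIS builders. Field names follow
Sysmon Event ID 1 (ProcessCreate) and Event ID 11 (FileCreate); every event below is made up.
"""
import json
import os

WEB_SERVER_PROCS = {"w3wp.exe", "httpd.exe", "apache2", "php-cgi.exe", "php-cgi", "php-fpm", "nginx", "tomcat.exe"}
SHELL_PROCS = {"cmd.exe", "powershell.exe", "pwsh.exe", "sh", "bash", "dash"}
RECON_PROCS = {"whoami.exe", "net.exe", "net1.exe", "ipconfig.exe", "nltest.exe", "systeminfo.exe", "id", "uname"}
WEBSHELL_EXTS = {".php", ".phtml", ".asp", ".aspx", ".ashx", ".asmx", ".jsp", ".jspx"}
WEB_ROOTS = ("c:/inetpub/wwwroot/", "/var/www/html/")   # IIS and Apache defaults in the lab

# Constructed events, one JSON object per line (JSON "\\" decodes to a single backslash).
CONSTRUCTED_EVENTS = r"""
{"EventID": 11, "Image": "C:\\Windows\\System32\\inetsrv\\w3wp.exe", "TargetFilename": "C:\\inetpub\\wwwroot\\uploads\\cmd.aspx"}
{"EventID": 11, "Image": "C:\\Windows\\System32\\inetsrv\\w3wp.exe", "TargetFilename": "C:\\inetpub\\logs\\LogFiles\\W3SVC1\\u_ex241127.log"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe", "ParentImage": "C:\\Windows\\System32\\inetsrv\\w3wp.exe", "CommandLine": "cmd.exe /c whoami"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\whoami.exe", "ParentImage": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "whoami"}
{"EventID": 11, "Image": "/usr/sbin/apache2", "TargetFilename": "/var/www/html/images/shell.php"}
{"EventID": 1, "Image": "/bin/sh", "ParentImage": "/usr/sbin/apache2", "CommandLine": "sh -c id"}
{"EventID": 1, "Image": "/usr/bin/php-cgi", "ParentImage": "/usr/sbin/apache2", "CommandLine": "php-cgi"}
"""


def basename(path: str) -> str:
    """Last path component, lower-cased, for either Windows or POSIX paths."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def under_web_root(path: str) -> bool:
    """True when the path sits below one of the lab web roots (case-insensitive)."""
    normalized = path.replace("\\", "/").lower()
    return any(normalized.startswith(root) for root in WEB_ROOTS)


def classify(event: dict):
    """Return a detection name for one event, or None if it matches nothing."""
    if event.get("EventID") == 11:
        target = event["TargetFilename"]
        if under_web_root(target) and os.path.splitext(basename(target))[1] in WEBSHELL_EXTS:
            return "webroot_script_created"
        return None
    if event.get("EventID") == 1:
        parent, child = basename(event["ParentImage"]), basename(event["Image"])
        if parent in WEB_SERVER_PROCS and child in SHELL_PROCS:
            return "webserver_spawned_shell"
        if parent in WEB_SERVER_PROCS and child in RECON_PROCS:
            return "webserver_spawned_recon"
    return None


def run_detections(raw_lines: str):
    """Run classify() over newline-delimited JSON events; returns (detection, evidence) pairs in order."""
    findings = []
    for line in raw_lines.strip().splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        name = classify(event)
        if name:
            findings.append((name, event.get("CommandLine") or event.get("TargetFilename")))
    return findings


if __name__ == "__main__":
    for name, evidence in run_detections(CONSTRUCTED_EVENTS):
        print(f"{name}: {evidence}")
```

Two things to notice when you run this against the lab: the log-file write by w3wp.exe and apache2 handing off to php-cgi produce nothing, which is the false-positive control you want before turning the rule on; and `whoami` spawned by the shell's child `cmd.exe` is missed, because the rule only looks one hop up the process tree. Extending it to grandparents, or keying on the `cmd.exe /c` command line, is the gap the second step of the lab ("observe logs, alerts, and behaviors") is meant to expose.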